Vulnerabilites related to cisco - unified_ip_phone_6945
Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A9B5E567-41A0-4C9A-91A3-63EB5543F73F", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", matchCriteriaId: "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*", matchCriteriaId: "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9303F605-1F5D-4740-BE11-0A1176A68E80", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*", matchCriteriaId: "4B3B667E-9019-4A33-9BB0-D15560EC4145", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*", matchCriteriaId: "FAD4832E-16D3-4E26-B8ED-D32F5CB83180", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*", matchCriteriaId: "9B807519-7A91-4137-8B0D-0820C6299C13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4CEC48E7-E9D8-406D-963C-06F5F2209423", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*", matchCriteriaId: "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "552DA0C7-01D3-46E1-AC87-2CF41408EF0D", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*", matchCriteriaId: "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0CAED4E4-23FA-4B15-8138-8B79392FC666", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*", matchCriteriaId: "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*", matchCriteriaId: "2CAEF25F-B028-487D-B396-C33D5246D188", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A0921726-02A0-47D0-9E40-E1E3DD6D5A22", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*", matchCriteriaId: "182E3741-46FC-47D3-B075-772E87C8F80C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*", matchCriteriaId: "6551539F-39C1-4CD6-92F3-FE330E92CC06", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CE7BECC3-B86D-4669-8463-DAE35D406B1B", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*", matchCriteriaId: "F69722C8-73F9-4989-817B-DF8F882676AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F6D10125-025C-42B5-93D9-5A4FA79290C3", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*", matchCriteriaId: "8BA879B6-04D6-402A-8F38-8A7CB34D76F4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "82C369BE-4A67-489B-9A26-AB00D4C4E409", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*", matchCriteriaId: "FF30D1CC-D27F-49FF-9C63-BB890002D1C2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA428649-4098-4166-8ED3-4A1C707F00FB", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*", matchCriteriaId: "8424EA40-BAEE-4503-A826-003C478D07F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57152C53-3445-4CDD-9C3F-DB0067611DAB", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*", matchCriteriaId: "C1B979DC-52B4-497E-9D7C-3D8F861E6E26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B10AA232-FF33-4062-977C-984D2E2CBF70", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*", matchCriteriaId: "7DFA9051-62CB-4C7B-9C97-CD901DC778F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D8A52F3-1D02-4D2F-A68D-276D065BD00B", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*", matchCriteriaId: "5980E646-CA07-4222-A9DD-A71306A4A678", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7E24932D-8F8E-4991-858D-246D5CD594B7", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*", matchCriteriaId: "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79A195E8-4210-4F4A-B742-1C943DF5D2AF", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*", matchCriteriaId: "E7519FF0-672E-430F-980D-53D2A851C78C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34AC4FC0-1504-449C-86CC-1033D0BBD994", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*", matchCriteriaId: "84AEFB6F-3534-478A-97FF-C100A86A269E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*", matchCriteriaId: "E0D51724-CA7C-4F8E-9C02-408A96E32860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB2313E3-D3C9-4990-8657-05345C386759", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*", matchCriteriaId: "0BF164BA-91F9-434B-9837-1B6E600A91AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*", matchCriteriaId: "94B18568-30F5-40BF-96DB-589ED8D960F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D8DA83E-9548-455E-BCFF-5238FB56BF48", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*", matchCriteriaId: "D96E5B04-7CFF-4DF9-A356-C015AD8F5536", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "15426BD5-25E2-43B6-9E6E-346F26E2AC1A", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*", matchCriteriaId: "80B68502-F042-4094-BECB-0C59C3C6D07F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33CD3FFF-1517-4EF7-AE38-F6DA836100AE", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*", matchCriteriaId: "CF629B3C-0874-4BC9-97F3-28A5A7AC8917", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8CD08767-7F00-48E6-87A9-99FE9E2D96B9", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*", matchCriteriaId: "37B37ABB-C273-47B1-B7B0-692280CC957B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*", matchCriteriaId: "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "118AE4A2-F0DB-4E0B-9998-A56711723D34", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*", matchCriteriaId: "3BB9129D-607E-4227-984E-F0FC2F9047ED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27AFD285-F65F-4B09-97C1-082C953EFCB9", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*", matchCriteriaId: "B01FB146-FB66-4251-8025-F38C49FE9CAC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*", matchCriteriaId: "5EB7D543-296F-44AE-9335-BF3244F21E55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25923E46-A572-4731-9EAA-3A3B52D83FD3", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*", matchCriteriaId: "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02037FE7-B885-4C3D-9516-8C8D32D168B9", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*", matchCriteriaId: "645668C0-1702-4EBE-AF4D-F73824AF4C41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89E58087-9ABF-4BF6-BCC9-F7904593A5D6", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*", matchCriteriaId: "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "486E6F8D-3563-42DF-86FA-34200B14FB2F", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", matchCriteriaId: "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C416A15-52CB-4850-8C5B-E3E9C9087FB3", versionEndIncluding: "12.8\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B483E7-0B8D-480B-94B9-93F00AE91B4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.", }, { lang: "es", value: "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podría permitir a un atacante remoto no autenticado visualizar información confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de solicitudes maliciosas al dispositivo, lo que podría permitirle omitir las restricciones de acceso. Un ataque con éxito podría permitir al atacante visualizar información confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y números de teléfono de los usuarios del dispositivo", }, ], id: "CVE-2020-3360", lastModified: "2024-11-21T05:30:52.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "ykramarz@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-18T03:15:14.403", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 18:15
Modified
2024-11-21 06:43
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "33DC1B73-7716-4C33-B708-DB70C91D4EFF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*", matchCriteriaId: "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CF807E93-45B9-4197-A475-81FD8BB84360", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*", matchCriteriaId: "9B807519-7A91-4137-8B0D-0820C6299C13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "538BDFFF-1F29-4612-9415-9ABE0DF61B3B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*", matchCriteriaId: "FAD4832E-16D3-4E26-B8ED-D32F5CB83180", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "73C85716-FF1C-4DDF-BA4B-8F082C0F41EB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*", matchCriteriaId: "4B3B667E-9019-4A33-9BB0-D15560EC4145", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BE612EC5-04F4-48C7-9491-513DE4752304", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*", matchCriteriaId: "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A2CADFBC-152A-4360-8A3B-74AC7D7C6AE4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*", matchCriteriaId: "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F2811EB8-047B-4B6B-AEE2-90B175829D18", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*", matchCriteriaId: "645668C0-1702-4EBE-AF4D-F73824AF4C41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AE399426-F090-4E49-9B8D-F5626ED8DD0A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*", matchCriteriaId: "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "63DB2B9A-C131-4FA1-BFE3-E2879A8C945D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B483E7-0B8D-480B-94B9-93F00AE91B4B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "667CCF0A-0D40-4000-9DD5-FE506F0BC725", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", matchCriteriaId: "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ED8E935A-C400-45D0-85C1-7C75769E2AA5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:*", matchCriteriaId: "AA0CD943-831E-49B6-8BA9-EA21972ACEBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad en los teléfonos IP de Cisco Unified podría permitir a un atacante remoto no autenticado hacerse pasar por el teléfono de otro usuario si Cisco Unified Communications Manager (CUCM) está en modo seguro. Esta vulnerabilidad es debido a la generación inapropiada de claves durante el proceso de fabricación que podría resultar en claves fabricadas duplicadas instaladas en varios dispositivos. Un atacante podría aprovechar esta vulnerabilidad al llevar a cabo un ataque de máquina en el medio en la comunicación segura entre el teléfono y el CUCM. Una explotación con éxito podría permitir al atacante hacerse pasar por el teléfono de otro usuario. Esta vulnerabilidad no puede abordarse con actualizaciones de software. Se presenta una mitigación que aborda esta vulnerabilidad", }, ], id: "CVE-2022-20817", lastModified: "2024-11-21T06:43:36.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "ykramarz@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T18:15:08.997", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-338", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-338", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-20817
Vulnerability from cvelistv5
Published
2022-06-15 17:55
Modified
2024-11-01 19:02
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:24:49.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20220615 Cisco IP Phone Duplicate Key Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-20817", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-01T18:42:50.391033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-01T19:02:31.240Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco IP Phones with Multiplatform Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2022-06-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-338", description: "CWE-338", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T17:55:32", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20220615 Cisco IP Phone Duplicate Key Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4", }, ], source: { advisory: "cisco-sa-cp6901-dup-cert-82jdJGe4", defect: [ [ "CSCvz07149", ], ], discovery: "INTERNAL", }, title: "Cisco IP Phone Duplicate Key Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2022-06-15T23:00:00", ID: "CVE-2022-20817", STATE: "PUBLIC", TITLE: "Cisco IP Phone Duplicate Key Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IP Phones with Multiplatform Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.", }, ], }, exploit: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-338", }, ], }, ], }, references: { reference_data: [ { name: "20220615 Cisco IP Phone Duplicate Key Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4", }, ], }, source: { advisory: "cisco-sa-cp6901-dup-cert-82jdJGe4", defect: [ [ "CSCvz07149", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2022-20817", datePublished: "2022-06-15T17:55:32.726275Z", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-11-01T19:02:31.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3360
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IP Phone 8800 Series Software |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:58.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3360", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:21:10.982053Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T17:05:37.576Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco IP Phone 8800 Series Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-17T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-18T02:17:03", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", }, ], source: { advisory: "cisco-sa-phone-logs-2O7f7ExM", defect: [ [ "CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645", ], ], discovery: "INTERNAL", }, title: "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-06-17T16:00:00", ID: "CVE-2020-3360", STATE: "PUBLIC", TITLE: "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IP Phone 8800 Series Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", }, ], }, source: { advisory: "cisco-sa-phone-logs-2O7f7ExM", defect: [ [ "CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3360", datePublished: "2020-06-18T02:17:03.642062Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T17:05:37.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }